
systemd introduces memory protection
Open, Normal, Public

Description

A great new security feature comes to systemd. Will be good to have for Whonix daemons:

Systemd 231 will allow the MemoryLimit and TasksMax and related unit settings to be specified as a percentage, support for the "memory" cgroup controller on cgroupsv2, a new MemoryDenyWriteExecute (optional) setting to prevent a service from creating memory mappings that are writable and executable at the same time (great for security!), systemd-resolved improvements, various other network-related systemd additions, support for VERSION_CODENAME in the os-release file, and many other changes.

http://www.phoronix.com/?page=news_item&px=systemd-231-Features

Details

Impact
Normal
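
One way to check which service units already enable the MemoryDenyWriteExecute setting described above. This is an added example, not code from the ticket, Whonix or systemd; the unit names and contents are constructed, and the caller is assumed to pass each unit's main file before its drop-ins.

```python
TRUE_VALUES = {"1", "yes", "true", "on"}     # systemd boolean spellings
FALSE_VALUES = {"0", "no", "false", "off"}

def mdwe_enabled(*unit_texts):
    """Effective MemoryDenyWriteExecute= value: True, False, or None if unset.

    Pass the main unit text first, then drop-ins in the order they apply;
    a later assignment overrides an earlier one.
    """
    effective = None
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":        # blank line or comment
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if not sep or section != "Service":
                continue
            if key.strip() != "MemoryDenyWriteExecute":
                continue
            value = value.strip().lower()
            if value in TRUE_VALUES:
                effective = True
            elif value in FALSE_VALUES:
                effective = False
            # Any other value is not counted by this example.
    return effective

def unprotected(units):
    """Names of units whose effective setting is not enabled."""
    return sorted(n for n, texts in units.items() if mdwe_enabled(*texts) is not True)

# Constructed sample units; the names are hypothetical, not real Whonix services.
BASE = "[Unit]\nDescription=demo\n[Service]\nExecStart=/usr/bin/demo\n"
SAMPLE_UNITS = {
    "example-hardened.service": [BASE + "MemoryDenyWriteExecute=yes\n"],
    "example-plain.service": [BASE],
    "example-dropin.service": [BASE + "MemoryDenyWriteExecute=true\n",
                               "[Service]\nMemoryDenyWriteExecute=off\n"],
}

if __name__ == "__main__":
    for name in unprotected(SAMPLE_UNITS):
        print(f"{name}: MemoryDenyWriteExecute is not enabled")
```

Services that generate code at runtime, such as JIT engines, need writable and executable mappings and will fail under this setting, so it is enabled per unit rather than globally.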